Setting us a Symantec Management Platform (SMP) Integration

Privilege Manger integrates with the Symantec Management Platform (SMP) to allow the

• import of computers for use in computer groups and identifying systems that exist on the network, but don't have an endpoint agent installed yet.
• import of existing Resource Collections from SMP and use them for Verify Privilege Manager policy targets.
• inventory of SMP Software Packages to use the package contents in Verify Privilege Manager Application Control policies.

Create a Credential

Verify Privilege Manager needs a username and password to access SMP. If you have not already created an appropriate user credential:

1. Navigate to Admin | Configuration | Credentials.
2. Click Create, to create user credentials to access SMP.
3. After entering the user credentials information for SMP, click Save Changes.

Connecting to SMP

Before you can import data from SMP you need to setup a foreign systems connection in Verify Privilege Manager for the SMP integration.

1. Navigate to Admin | Configuration and select the Foreign Systems tab.

2. Select Symantec Management Platform. If this is not listed, make sure the connector is installed by verifying via the Verify Privilege Manager Add/Upgrade Features page.

3. Click Create.

   

4. Name the Symantec Management Platform and provide the URL of the Altiris console.

5. Click Create.

6. Select the newly created SMP foreign system and click Edit.

7. Under Settings select the SMP user credential that you created in the previous procedure.

8. Click Save.

Import Computers

Before you can import collection data from SMP, Verify Privilege Manager needs to know about computers in your SMP.

1. Navigate to Admin | Tasks.

2. On the Tasks tab open the folder tree and select Server Tasks | Foreign Systems | Symantec Management Platform.

3. Click SMP Sync Computers.

   

4. Click Run.

5. Select your SMP system via the Select... option.

   

6. Click Run Task.

Verify the Computers have been Imported (optional)

1. Navigate to Admin | Resources.

2. Open the Resources tab.

3. In the folder tree open Organizational Views | Default | All Resources | Asset | Network Resource | Computer.

4. Select a computer from that list.

5. Select the Known Data tab in the computer resource explorer view.

6. In the tree under Foreign Systems, you should have the Foreign System Id and SMP Platform Id data.

Create a Collection

After computers have been imported, you can create a collection to mirror an SMP collection.

1. Navigate to Resources, open the Resource Filters tab.

2. In the folder tree under Resource Filters open Collections | Symantec Management Platform.

3. Click Create

4. Enter a Name and Description, and specify the SMP instance to connect to.

   

5. Click Create.

6. Select the Filter Definition tab and under Foreign Collection select the Collection target.

   

7. Click Save Changes.

8. Click the Sync Foreign Collection to update the membership immediately. The foreign collection update can also be scheduled by following the link in the help tip.

9. Select the Membership tab and then click the Update Membership tab to see the current membership of this collection.

Inventory Software Packages

Once the Foreign System has been created, an on-demand packages synchronization can be run and/or a regular synchronization schedule can be set-up via the following steps:

1. Navigate to Admin | Tasks.

2. On the Tasks tab open the folder tree and select Server Tasks | Foreign Systems | Symantec Management Platform.

3. Click SMP Sync Packages.

   

4. Click Run.

5. Select your SMP system via the Select... option.

   

6. Click Run Task.

Alternatively the SMP Sync Packages task can be scheduled to regularly repeat. When viewing the task, navigate to the Schedules tab and create a new schedule.

Create a SMP Package Content Filter

After the Package Synchronization completes the SMP Packages can be used in application control policies via package content filters.

1. Navigate to Admin | Filters.

2. Click the Create Filter button.

3. From the Platform drop-down select Windows.

4. From the Filter Type drop-down scroll to Inventory Filters and select the Package Contents Filter.

5. Set the Name and Description of the filter.

6. Click Create.

7. Next to Package, click Select resource....

8. Select the package from SMP that will be targeted.

9. Set the switch Results will be to Included.

   

10. Navigate to the Membership tab.

11. If no items are listed in the membership table, click the Sync Package button.

    

    Running the sync package task, causes the server to inventory the package referenced in the filter. If you have multiple filters and packages, IBM Security recommends to use the Inventory Packages Referenced in Allow Lists task instead.

12. Click Save Changes.

This filter can then be referenced in Application Control policies.